**Submitter:** Douglas Walls

**Submission Date:** 2013-02-11

**Source:** WG 14

**Reference Document:** N1672

**Version:** 1.1

**Date:** October 2013

**Subject:** runtime-constraint issue with sprintf family of routines in Annex K

**Summary**

In the "Runtime-constraints" section, K.3.5.3.5p2 first sentence it says:

"Neither s nor format shall be a null pointer. n shall neither equal zero nor be greater than RSIZE_MAX."

So,

```c
if (n == 0 || n > RSIZE_MAX)
    /* runtime constraints violation */
```

This is clear. However the next paragraph K.3.5.3.5p3, says this about "s":

"If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and less than RSIZE_MAX, then the snprintf_s function sets s[0] to the null character."

So, it takes action when (n < RSIZE_MAX)

```c
if (s != NULL && n > 0 && n < RSIZE_MAX)
    s[0] = '\0';
```

Question here is, what if n equals RSIZE_MAX? Should we still reset s[0]?

If I were to say this looks like a typo, would WG14 agree with me?

That is, the text of K.3.5.3.5p3 should be:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the snprintf_s function sets s[0] to the null character.

This issue applies to all the sprintf family of routines in Annex K.

**Suggested Technical Corrigendum**

snprintf_s

Replace K.3.5.3.5p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the snprintf_s function sets s[0] to the null character.

sprintf_s

Replace K.3.5.3.6p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the sprintf_s function sets s[0] to the null character.

vsnprintf_s

Replace K.3.5.3.12p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the vsnprintf_s function sets s[0] to the null character.

vsprintf_s

Replace K.3.5.3.13p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the vsprintf_s function sets s[0] to the null character.

Apr 2013 meeting

**Committee Discussion**

- The committee agrees with the assessment and the suggested changes.
- There are, however, other places where similar changes are needed.

**Committee Discussion**

- Further investigation confirmed that there were several other functions that also need similar corrections to their runtime constraints. All of these additional functions also need additional corrections as specified in DR433, and the full resolution of both this defect and the additional issue will be found in the Proposed Technical Corrigendum of DR433.
- That list is:
  - K.3.9.1.3 The snwprintf_s function
  - K.3.9.1.4 The swprintf_s function
  - K.3.9.1.8 The vsnwprintf_s function
  - K.3.9.1.9 The vswprintf_s function
  - K.3.9.3.2.1 The mbsrtowcs_s function
  - K.3.9.3.2.2 The wcsrtombs_s function
- It is noted that with these changes K.3.5.1.2 `tmpnam_s` will have wording inconsistent with respect to these modifications.
  - Consistent wording would be, in K.3.5.1.2p2 replace "less than or equal to RSIZE_MAX" with "not greater than RSIZE_MAX".
- As such, the committee continues to accept unchanged the Proposed Technical Corrigendum as partial fulfillment of this defect, and that full resolution of the other similar defects will be found in DR433.

**Proposed Technical Corrigendum**

snprintf_s

Replace K.3.5.3.5p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the snprintf_s function sets s[0] to the null character.

sprintf_s

Replace K.3.5.3.6p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the sprintf_s function sets s[0] to the null character.

vsnprintf_s

Replace K.3.5.3.12p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the vsnprintf_s function sets s[0] to the null character.

vsprintf_s

Replace K.3.5.3.13p3 with:

If there is a runtime-constraint violation, then if s is not a null pointer and n is greater than zero and not greater than RSIZE_MAX, then the vsprintf_s function sets s[0] to the null character.
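
The boundary case this report describes, as an added example that is not part of the defect report or of any Annex K implementation: a model of the violation path only, comparing the published p3 condition with the corrected one when n equals RSIZE_MAX. `MODEL_RSIZE_MAX`, the function names and the buffer contents are hypothetical, and only the p2 constraints quoted in the summary are modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: small stand-in for RSIZE_MAX so a buffer of exactly that
 * size fits on the stack; real values are implementation-defined. */
#define MODEL_RSIZE_MAX ((size_t)16)

/* Subset of the p2 runtime-constraints quoted in the summary. */
static bool violated(const char *s, size_t n, const char *format)
{
    return s == NULL || format == NULL || n == 0 || n > MODEL_RSIZE_MAX;
}

/* p3 reset condition: the published text says "less than RSIZE_MAX",
 * the corrected text says "not greater than RSIZE_MAX". */
static bool must_reset(const char *s, size_t n, bool corrected)
{
    if (s == NULL || n == 0)
        return false;
    return corrected ? n <= MODEL_RSIZE_MAX : n < MODEL_RSIZE_MAX;
}

/* Hypothetical model of the violation path only; no formatting is done.
 * Returns true when a runtime-constraint violation was detected. */
static bool violation_path(char *s, size_t n, const char *format, bool corrected)
{
    if (!violated(s, n, format))
        return false;
    if (must_reset(s, n, corrected))
        s[0] = '\0';
    return true;
}

/* Constructed scenario: a buffer with stale contents and a null format.
 * Returns the length a caller that ignores the error would then read. */
size_t stale_len_after_violation(size_t n, bool corrected)
{
    char buf[MODEL_RSIZE_MAX] = "stale secret"; /* 12 chars, constructed */
    violation_path(buf, n, NULL, corrected);
    return strlen(buf);
}

int main(void)
{
    printf("published: %zu\n", stale_len_after_violation(MODEL_RSIZE_MAX, false));
    printf("corrected: %zu\n", stale_len_after_violation(MODEL_RSIZE_MAX, true));
    return 0;
}
```

With the published wording the stale 12-character string survives the failed call when n equals RSIZE_MAX; with the corrected wording the buffer reads as an empty string, as it does for every smaller nonzero n.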